Zero Day Monitor

Zero Day MonitorZDM

Dashboard Vulnerabilities Trending Zero-Days News About

Impressum Privacy Policy

Zero Day Monitor © 2026

3194 articles · 168073 vulns · 37/41 feeds (7d)

165,585 vulnerabilities total

linux · CVE-2026-31431 — crypto: algif_aead - Revert to operating out-of-placeKEVEXPLOITEDPATCHED

linux_kernel· CVSS 7.8

cis · CVE-2026-20127 — Cisco Catalyst SD-WAN Controller Authentication Bypass VulnerabilityKEVEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 10.0· CWE-287

linux · CVE-2026-43284 — xfrm: esp: avoid in-place decrypt on shared skb fragsKEVEXPLOITEDPATCHED

linux_kernel· CVSS 8.8

linux · CVE-2026-43500 — rxrpc: Also unshare DATA/RESPONSE packets when paged frags are presentKEVEXPLOITEDPATCHED

linux_kernel· CVSS 7.8

ui · CVE-2026-34908 — CVE-2026-34908: A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS deKEVEXPLOITEDPATCHED

unifi_os_server· CVSS 10.0· CWE-284

ptc · CVE-2026-12569 — Remote Code Execution (RCE) vulnerability in Windchill PDMlinkEXPLOITEDPATCHED

flexplm· CWE-20

ui · CVE-2026-34909 — CVE-2026-34909: A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to aKEVEXPLOITEDPATCHED

unifi_os_server· CVSS 10.0· CWE-22

geoserver · CVE-2024-36401 — GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code ExecutioKEVEXPLOITEDPATCHED

geoserver· CVSS 9.8· CWE-95

mappress · CVE-2026-56011 — WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerabilityKEVEXPLOITED

mappress maps for wordpress· CVSS 7.1· CWE-79

igniterealtime · CVE-2023-32315 — Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setuKEVEXPLOITEDPATCHED

openfire· CVSS 8.6· CWE-22

linux · CVE-2026-46333 — ptrace: slightly saner 'get_dumpable()' logicEXPLOITEDPATCHED

kernel· CVSS 7.1· CWE-362

libssh2 · CVE-2026-55200 — libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.cEXPLOITEDPATCHED

libssh2· CVSS 9.2· CWE-680

cis · CVE-2026-20230 — CVE-2026-20230: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session MaEXPLOITEDPATCHED

unified_communications_manager· CVSS 8.6· CWE-918

cis · CVE-2026-20245 — Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation VulnerabilityEXPLOITEDPATCHED

catalyst_sd-wan_manager· CVSS 7.8· CWE-116

langflow · CVE-2026-55255 — Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's FlowKEVEXPLOITEDPATCHED

langflow· CVSS 9.9· CWE-639

gpac project · CVE-2025-60474 — CVE-2025-60474: A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 alloEXPLOITED

mp4box· CVSS 7.5

linux · CVE-2026-46300 — net: skbuff: preserve shared-frag marker during coalescingEXPLOITEDPATCHED

linux_kernel· CVSS 7.8

google · CVE-2026-13033 — CVE-2026-13033: Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker EXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-125

google · CVE-2026-13038 — CVE-2026-13038: Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbiEXPLOITEDPATCHED

chrome· CVSS 8.8· CWE-416

jqlang · CVE-2026-39979 — jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted BuffersEXPLOITEDPATCHED

jq· CVSS 8.2· CWE-125